|
cazarinint
|
May 29, 2020 at 10:00 am
I am getting an error described in the details, “Sorry, you are not allowed to list events. Missing permissions: ee_read… ”
I have checked my permissions and applied the FCGi htaccess item (just in case) and I am still getting this on our site.
|
|
Seth Shoultes
|
May 30, 2020 at 8:23 am
Would it be possible to get access to the site for testing? If so, please send WordPress admin-level log in credentials via this form:
https://eventespresso.com/send-login-details/
|
|
cazarinint
|
June 1, 2020 at 9:53 am
This reply has been marked as private.
|
|
cazarinint
|
June 1, 2020 at 10:03 am
This reply has been marked as private.
|
|
Seth Shoultes
|
June 1, 2020 at 10:08 am
Thanks for sending over the login information. When testing the API for events, while logged in on your site, I can get a list of events just fine. Here’s a screenshot from Postman:
https://monosnap.com/file/O41Lgw2PQMRP7APR4yQ6tRpIEkklqZ
However, when examining the API endpoint for registrations, I seem to be getting errors related to permissions:
https://monosnap.com/file/9B2IdevKFiJ1YUEh6gmBoF0ctZasCf
I’ll ask another Event Espresso team member to see if they have any suggestions.
|
|
cazarinint
|
June 1, 2020 at 10:19 am
Thank you for the update. I just confirmed that the “EESupport” login has all ee_ capabilities. The user is an administrator account as well. We are using the AAM plugin I hope it’s not interfering in some way because we rely on it for page presence to different roles.
|
|
Tony
|
June 1, 2020 at 3:34 pm
This still looks like Auth headers aren’t being passed on your server.
The events endpoint Seth mentioned use unauthorized requests, you don’t need any authentication as its already public information (viewing your events on the site gives you the same info).
The registrations endpoint, (or the event endpoint using registration data) requires authentication and those are returning 403.
We don’t have permissions above to install plugins, can you add the REST API log plugin on the site?
https://wordpress.org/plugins/wp-rest-api-log/
|
|
cazarinint
|
June 1, 2020 at 3:45 pm
Installed. Should I test again or is there more on your end?
It’s kind of strange all of this was working a few months ago when I last tested. Then COVID hit and we don’t have in-person events for a few months.
David
|
|
Tony
|
June 1, 2020 at 5:13 pm
Yeah the authorization header isn’t being passed on your server: https://monosnap.com/file/f2v8YrJykmwVK72Nz4raTEh993XAQT
That’s mine on the left and yours on the right. _authorization is being added to the query but that should have been processed and removed.
It’s kind of strange all of this was working a few months ago when I last tested. Then COVID hit and we don’t have in-person events for a few months.
A few months is a long time for updates and anything could have been updated to prevent this from working, plugins, theme or server updates.
I’m assuming the site you gave access to is your dev site? If so you could try temporarily de-activating AAM and see if it makes a difference (as it also processes authorization). I’d recommend creating a backup of the database before de-activating just to be safe, some plugins do weird things on deactivation.
|
|
cazarinint
|
June 3, 2020 at 7:34 am
have to coordinate with our dev team, because when AAM is disabled it will change what they are testing as they work on some private page content. Is there a time that we could cordinate to do this… it seems you are later than me would today after 4pm CDT work for you and then we can turn it back on tomorrow morning?
|
|
Tony
|
June 3, 2020 at 7:46 am
In that case, rather than working on a site with active testing/development on it I would recommend cloning that site into a subdirectory to troubleshoot this particular issue there without causing problems from other users.
If the above site is essentially a dev site then you would be basically creating a snapshot of your dev site in which you could troubleshoot and test changes without any issues for others and then once a solution is found apply that to the live site for testing.
However, how you test this is up to you.
For the above testing you don’t really need me to be available (although I’ll happily test logging in whilst it is deactivated), you just need to see if you can log in with the app whilst AAM is disabled.
|
|
cazarinint
|
June 3, 2020 at 7:52 am
I completely understand, thank you. I will perform the AAM test and post results – if seems there is an issue will clone and prepare as suggested. Thanks!
|
|
Tony
|
June 3, 2020 at 8:01 am
No problem, to actually answer your question regarding times.
I’m based in the UK so 4 pm CDT is around 10 pm for me and whilst I’m generally still around then I make no promises.
I’m more than happy to test it whilst AAM is disabled but I would basically just be doing the same as you and with the REST API Log enabled I’ll see the requests at some point anyway.
|
